Security on Zoom: How safe is user data?

Due to the unprecedented quarantine following the recent COVID-19 pandemic, there has been an increase in the number of users on a streaming site called Zoom, from 10 million users in December to a recent 300 million users (and counting) in May. This website/desktop client allows users to easily access and use live streams as supplementary time for school classrooms and occupational meetings. However, Zoom’s ease of use has made it easy for troublemakers to gather data from Zoom meetings.

Junior James Gaston compares the popularity of Zoom to other streaming services. “Zoom isn’t as popular as Skype and other apps that have been around longer,” claims Gaston. “But in comparison, Zoom is fairly easy to use.”

There are, however, legitimate concerns for the platform’s safety policy. Zoom’s privacy policy gave the company the right to do whatever it wanted with user data, based on data leakages to some information centers in China. Despite Lea Kissner, former Google leader of privacy technology and now a security consultant for Zoom, saying that the company is designed to scale to meet heavy usage demands, Zoom has claimed that the leaks to Chinese data centers were due to an overhaul of users on the platform. Even so, non-Chinese Zoom users aren’t supposed to be rerouted to Chinese data centers, and China’s lack of strict data privacy law enforcement allows them to view encrypted calls, almost on demand. As a response to these privacy concerns, on April 1st, 2020, Zoom CEO Eric S. Yuan pledged to focus on fixing Zoom security issues rather than developing the platform.

Due to these previous concerns, happening around the scope of late March to early April, some school systems (especially those in New York) have outright banned usage of the desktop app. This is a legitimate concern, as most of these leaks of data were shown to come from the desktop client. As of April 21, 2020, Zoom’s 5.0 update has masked some privacy issues by making user information more latent in their databases. The update also featured the option to have passwords by default, general improvements to data encryption, and a new security icon to control meetings.

Gaston further provides insight into his experience with Zoom’s accessibility. “For me, I needed to get the app to use it because before I did, it wouldn’t let me join any links,” proclaims Gaston. “It didn’t allow me to use it with just the website.”

Though many people have issues and grievances towards the platform, Zoom’s website explains how their privacy policy works. According to the website, Zoom offers chat encryption, a secure communication where only the intended recipient can read it. Additionally, recordings on the website are locally stored, and they can be encrypted when desired using special tools, as well as when they are being shared and deleted. This can be done because Zoom is equipped with tools to encrypt calls using unique hardware methods for the website/desktop app. Like with MCPS, Zoom offers specially designated and managed domains for organizations, keeping these aforementioned members’ accounts in tightly-knit Zoom communities. Finally, for user purposes, Zoom only stores basic information, including one’s name (first and last), email, and username.